Red Cross data breach

On 20 January 2022, the International Committee of the Red Cross made an appeal to hackers who had stolen private data, saying they would speak "directly and confidentially" to those responsible for the attack.^[1]^[2]^[3] The hackers had stolen private data on more than 515,000 vulnerable people from at least 60 Red Cross and Red Crescent societies.^[1]^[2]^[3] The data belonged to individuals whose information was stored as part of the Red Cross and Red Crescent Movement’s Restoring Family Links programme, which helps reconnect people separated by conflict, disaster, migration and other crises.^[4] So far there is no proof that the data has been leaked, but the ICRC said that their gravest concern was the risk posed by exposing the data.^[1]^[2]^[3]

The attackers targeted servers used by the ICRC (initially thought to be hosted by a third‑party contractor) and accessed sensitive personal data, including names, contact details, locations, and other identifying information.^[5] The attack was aimed at a Swiss contractor that stored the data.^[3]

The perpetrators have not been identified. Some third‑party analyses have described the attack as “highly sophisticated” and comparable in profile to state‑sponsored operations, although no direct attribution has been established.^[6] A 2024 cybersecurity analysis suggests the breach occurred through an unpatched critical vulnerability in authentication software, which allowed the attackers to compromise administrator credentials and move within ICRC systems to exfiltrate data.^[7]

Impact

The ICRC has suspended access to compromised computer systems which are part of the Restoring Family Links programme, which was targeted in the attack.^[1]^[2]^[3] A spokesman said "We will do our utmost to ensure some business continuity and a resumption of services as soon as possible".^[1]^[3]

References

^ ^a ^b ^c ^d ^e "Red Cross appeals to hackers after major cyberattack". TheJournal.ie. 2022-01-20. Retrieved 2022-01-21.
^ ^a ^b ^c ^d McGowran, Leigh (2022-01-20). "Red Cross cyberattack exposes data of 515,000 'highly vulnerable people'". Silicon Republic. Retrieved 2022-01-21.
^ ^a ^b ^c ^d ^e ^f Dobberstein, Laura (2022-01-20). "Red Cross forced to shutter family reunion service following cyberattack and data leak". The Register. Retrieved 2022-01-21.
^ "Cyber-attack targets Red Cross Red Crescent data | ICRC". www.icrc.org. 2022-01-19. Retrieved 2026-01-06.
^ "Cyber-attack targets Red Cross Red Crescent data | ICRC". www.icrc.org. 2022-01-19. Retrieved 2026-01-06.
^ "How Did Red Cross Get Hacked? | UpGuard". www.upguard.com. Retrieved 2026-01-06.
^ "What happened in the Red Cross data breach? | Twingate". www.twingate.com. Retrieved 2026-01-06.

External links

Sophisticated cyber-attack targets Red Cross Red Crescent data on 500,000 people - www.icrc.org
Cyberattack on International Committee of the Red Cross - www.redcross.org

This crime-related article is a stub. You can help Wikipedia by expanding it.

[tj-red-cross-appeals-1] "Red Cross appeals to hackers after major cyberattack". TheJournal.ie. 2022-01-20. Retrieved 2022-01-21.

[sr-red-cross-cyberattack-2] McGowran, Leigh (2022-01-20). "Red Cross cyberattack exposes data of 515,000 'highly vulnerable people'". Silicon Republic. Retrieved 2022-01-21.

[tr-red-cross-forced-to-shutter-family-reunion-service-3] ^ ^a ^b ^c ^d ^e ^f Dobberstein, Laura (2022-01-20). "Red Cross forced to shutter family reunion service following cyberattack and data leak". The Register. Retrieved 2022-01-21.

[4] "Cyber-attack targets Red Cross Red Crescent data | ICRC". www.icrc.org. 2022-01-19. Retrieved 2026-01-06.

[5] "Cyber-attack targets Red Cross Red Crescent data | ICRC". www.icrc.org. 2022-01-19. Retrieved 2026-01-06.

[6] "How Did Red Cross Get Hacked? | UpGuard". www.upguard.com. Retrieved 2026-01-06.

[7] "What happened in the Red Cross data breach? | Twingate". www.twingate.com. Retrieved 2026-01-06.

[1]

[2]

[3]

[4]

[5]

[6]

[7]